Detective Policy Evaluation

Detective policy evaluation is triggered as part of an aggregation or a task that refreshes identities (such as an Identity Refresh task).

For policy evaluation during aggregation, select the option Check active policies in the aggregation task to include policy evaluation as part of the task.

For policy evaluation during an Identity Refresh task, the same option, Check active policies, must be selected. In an Identity Refresh task there are two additional options for evaluation during the task:

  • Keep previous violations keeps all existing violations, even if they are found to be resolved or do not match any active policy.

  • A comma-separated list of policy names. When policies are entered in this field, the task checks only the listed policies that are active; when the field is left blank, the refresh task checks all active policies. Note that a policy that is included in this field but is inactive will not be evaluated as part of the task.
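The selection rules above mean a policy named in the list can be skipped without the task reporting it, which leaves a gap in detective coverage. The following pre-flight check is an added example, not code from the product: the function name, the `policies` dictionary (policy name mapped to its active flag), the whitespace trimming around names and the handling of names that match no policy are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class EvaluationPlan:
    evaluated: list = field(default_factory=list)         # policies the task will check
    skipped_inactive: list = field(default_factory=list)  # listed, but inactive
    unknown: list = field(default_factory=list)           # listed, but no such policy


def plan_policy_evaluation(policies, check_active_policies, policy_filter=""):
    """Model which policies a refresh task would evaluate.

    policies: dict of policy name -> active flag (hypothetical model of the policy set).
    check_active_policies: state of the "Check active policies" option.
    policy_filter: contents of the comma-separated policy name field.
    """
    plan = EvaluationPlan()
    if not check_active_policies:
        return plan  # option not selected: no policy evaluation in this task

    # Assumption: names are split on commas and surrounding whitespace is ignored.
    listed = [name.strip() for name in policy_filter.split(",") if name.strip()]
    if not listed:
        # Blank field: all active policies are checked.
        plan.evaluated = sorted(n for n, active in policies.items() if active)
        return plan

    for name in listed:
        if name not in policies:
            plan.unknown.append(name)           # typo or deleted policy (assumed to match nothing)
        elif policies[name]:
            plan.evaluated.append(name)         # listed and active
        else:
            plan.skipped_inactive.append(name)  # listed but inactive: not evaluated
    return plan


# Constructed sample data, not taken from any real deployment.
SAMPLE_POLICIES = {"SOD Finance": True, "Dormant Accounts": False, "Privileged Access": True}

if __name__ == "__main__":
    plan = plan_policy_evaluation(
        SAMPLE_POLICIES, True, "SOD Finance, Dormant Accounts, Orphan Acounts")
    print("evaluated:", plan.evaluated)
    print("skipped (inactive):", plan.skipped_inactive)
    print("unknown names:", plan.unknown)
```

Running a check like this against the task configuration before relying on its results shows which listed policies contribute nothing to the run.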